How to use FinishDiscoverableLogin? #439
-
|
Hi there! I need some help understanding this. I'm implementing authentication in my app using passkeys. What confuses me is that FinishDiscoverableLogin doesn't return a user. After authentication, we need the user's ID—otherwise, it’s not very useful. But FinishDiscoverableLogin only returns a credential. Am I supposed to search the database for the user using credential.ID? But didn’t we already perform a user lookup in the database during the handler? This seems like a minor inefficiency, or am I missing something? An extra database query isn’t a big deal—I’m just concerned about whether I understand the logic correctly. |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 2 replies
-
|
There's a |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the response! You mentioned that FinishPasskeyLogin was added to replace FinishDiscoverableLogin (to avoid breaking the API), but I can’t find this method. Is FinishPasskeyLogin documented or implemented elsewhere? Should I use an unreleased version of the library, or is this planned for a future update? 
|
Beta Was this translation helpful? Give feedback.
-
|
I must have only added the Validate variant. I can add the Finish variant. Here's the Validate variant: https://github.com/go-webauthn/webauthn/blob/master/webauthn/login.go#L243 Here's what a function like this would look like (and you can use this today locally with minor tweaking): // FinishPasskeyLogintakes the response from the client and validate it against the handler and stored session data.
// The handler helps to find out which user must be used to validate the response. This is a function defined in your
// business code that will retrieve the user from your persistent data.
func (webauthn *WebAuthn) FinishPasskeyLogin(handler DiscoverableUserHandler, session SessionData, response *http.Request) (user User, credential *Credential, err error) {
parsedResponse, err := protocol.ParseCredentialRequestResponse(response)
if err != nil {
return nil, err
}
return webauthn.ValidatePasskeyLogin(handler, session, parsedResponse)
} |
Beta Was this translation helpful? Give feedback.
-
|
@james-d-elliott this is what I did, exactly. The thing is using protocol.ParseCredentialRequestResponse feels like meddling under the hood. So I'm totally in favor of adding FinishPasskeyLogin. Thank you so much for your help and great module!🔥 Using passkeys in my GO apps take off so much burden. |
Beta Was this translation helpful? Give feedback.
-
|
https://github.com/go-webauthn/webauthn/releases/tag/v0.13.2 and also drastically improved the go docs. Would love to get the references in the overview to link to the relevant sections though... |
Beta Was this translation helpful? Give feedback.
I must have only added the Validate variant. I can add the Finish variant. Here's the Validate variant:
https://github.com/go-webauthn/webauthn/blob/master/webauthn/login.go#L243
Here's what a function like this would look like (and you can use this today locally with minor tweaking):